Instructions to use hacnho/tensorrt-detectionlayer-suppression-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- TensorRT
How to use hacnho/tensorrt-detectionlayer-suppression-poc with TensorRT:
# No code snippets available yet for this library. # To use this model, check the repository files and the library's documentation. # Want to help? PRs adding snippets are welcome at: # https://github.com/huggingface/huggingface.js
- Notebooks
- Google Colab
- Kaggle
| tags: | |
| - security | |
| - huntr | |
| - model-file | |
| - tensorrt | |
| - detectionlayer | |
| - backdoor | |
| # TensorRT DetectionLayer silent suppression proof of concept | |
| This repository contains a bounded research PoC for TensorRT engine files that | |
| embed a `DetectionLayer_TRT` payload with semantically invalid serialized | |
| parameters. | |
| The security question is whether a normal engine load + inference path will | |
| silently suppress detections compared with a benign control engine. | |
| ## Files | |
| - `control.engine` | |
| - `neg_keepTopK.engine` | |
| - `verify_remote_poc.py` | |
| - `requirements.txt` | |
| ## What the files do | |
| Both files are valid TensorRT engine files that load via: | |
| ```python | |
| runtime.deserialize_cuda_engine(...) | |
| ``` | |
| Both also execute via: | |
| - `engine.create_execution_context()` | |
| - `execute_async_v3(0)` | |
| Control behavior: | |
| ```json | |
| { | |
| "positive_cls": [0.5], | |
| "mixed_bbox": [0.11951626092195511] | |
| } | |
| ``` | |
| Malicious behavior: | |
| ```json | |
| { | |
| "positive_cls": [0.0], | |
| "mixed_bbox": [0.0] | |
| } | |
| ``` | |
| ## Verify the public HF artifacts | |
| After unauthenticated download, run: | |
| ```bash | |
| python verify_remote_poc.py | |
| ``` | |
| Expected result: | |
| - both engines load successfully | |
| - control and malicious execution both succeed | |
| - the malicious engine suppresses outputs that are present in the control engine | |
| ## Safety note | |
| This is a bounded research PoC: | |
| - no code execution claim | |
| - no external callbacks | |
| - only deterministic execute-time output suppression after a trusted engine load | |